Let's encrypt on local site


#1

Hi,
I have a public Drupal site (www.dekaaters.be) with Let’s Encrypt installed by my hosting company.
I now downloaded my site to my local PC and installed it with the tool usbwebserver.
When I try to open the local site, I got the error ‘SSL_ERROR_RX_RECORD_TOO_LONG’.

So my question is: how can I install my certificate on my local computer?

Thanks,
Gust


#2

OK, up front - I don’t know anything about “usbwebserver”. Hopefully that doesn’t matter, but I’m sure if it does someone will chime in.

Most often, this confusing error just means that the remote server wasn’t talking SSL (or TLS) after all.

Check you haven’t done anything silly like, tell an HTTP (not HTTPS) server to use port 443, or ask for an HTTPS connection on port 80.

For the certificate with the name www.dekaaters.be to be used and working with your local PC you first need to have the certificate from the web site (not a problem) but also the Private Key which will be a file stored with the web site configuration. I don’t know if your downloaded site will include this, it would likely be named privkey.pem or something very similar. Don’t show this to us! You need it for this to work, but you mustn’t show anybody what’s inside it, hence “private” key.

The site on your local PC needs to be configured to use that key and certificate (which usbwebserver might do automatically, but I have no idea) otherwise to help we’d need to know the type of web server (e.g. Apache, nginx) and so on.

Once the site is configured right, your web browser needs to believe it’s talking to www.dekaaters.be, after all that’s the name on the certificate. If the name you type into the browser and the name on the certificate don’t match, that’s a critical security error. You might be able to do this using the “hosts” file but it’s really beyond the scope of this site.


#3

Thanks for the quick response.

  • No, I did not do such silly things.

  • I don’t see any file similar to privkey.prem. On my host server, I can see the private key via PHPAdmin, so if necessary I can copy it and save it in a file named privkey.prem and save that in the root?

  • I don’t know if usbwebserver is configured to use the certificate, but it includes Apache, Mysql and PHPAdmin and the possibility to change the settings.

  • If I start up my local site via usbwebserver, the URL in my browser is not www.dekaaters.be, but localhost:8080/, which is then automatically changed into https://localhost:8080/

  • A last remark: I don’t really need the encryption on my local site, so if you could tell me how I can suppress it, that’s also a solution.

I


#4

Aha, well, although you did not do any silly things, the web server software on your behalf has done.

http://localhost:8080/ is an HTTP server, but then https://localhost:8080/ is the same HTTP server, only your browser thinks it is expected to speak HTTPS, and you get this error.

So, I think your last remark is the best way forward, let’s stop using encryption locally. Very likely the Apache is configured with a “RewriteRule” or similar, which says that when you connect to http://anything/ it should instead send you to https://anything/. If you are able to examine the Apache configuration, you can look for RewriteRule such as

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

If you remove the right rewrite rule (you might also need to remove some adjacent lines) it should stop trying to change the URL. You should probably not do this to the “real” web site, just your local version.
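Added example, not part of the original posts: a small Python check for the situation described in #2 and #4, telling whether a port really speaks TLS or is a plain HTTP server being addressed with https://. The names `classify_port` and `read_as_tls_record` are hypothetical, and the loopback server is a constructed stand-in for the local Apache; the second function shows that the start of a plain HTTP reply, read as a TLS record header, gives a length above the TLS maximum, which is the condition the error name describes.

```python
import socket, ssl, struct, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

TLS_MAX_RECORD = 2**14 + 2048  # largest record length TLS 1.2 permits (RFC 5246)

def read_as_tls_record(data: bytes) -> dict:
    """Read 5 bytes the way a TLS client reads a record header."""
    ctype, version, length = struct.unpack("!BHH", data[:5])
    return {"type": ctype, "version": hex(version), "length": length,
            "too_long": length > TLS_MAX_RECORD}

def classify_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Return 'tls', 'plain-http' or 'unknown' for the service on host:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # protocol check only; trust is not evaluated
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"        # handshake completed: the port speaks TLS
    except OSError:                 # ssl.SSLError and timeouts are OSError subclasses
        pass
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            reply = raw.recv(16)
    except OSError:
        return "unknown"
    return "plain-http" if reply.startswith(b"HTTP/") else "unknown"

class _PlainHandler(BaseHTTPRequestHandler):  # constructed stand-in, plain HTTP only
    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()
    def log_message(self, *args):             # keep the demo quiet
        pass

def demo() -> str:
    """Start a plain-HTTP server on a free loopback port and classify it."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _PlainHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return classify_port("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo(), read_as_tls_record(b"HTTP/1.1 400 Bad Request"))
```

Against the setup in this thread the call would be `classify_port("localhost", 8080)`; a result of `plain-http` means the https:// URL is reaching an HTTP-only listener.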


#5

I looked in the Apache configurations file (httpd.conf), but didn’t find
any RewriteRule.
When I do a find for ‘ssl’ I get the following :

  • LoadModule ssl_module modules/mod_ssl.so

  • Secure (SSL/TLS) connections

#Include conf/extra/httpd-ssl.conf

Note: The following must must be present to support

starting without SSL on platforms with no /dev/random equivalent

but a statically compiled-in mod_ssl.

SSLRandomSeed startup builtin SSLRandomSeed connect builtin

I also looked at the Apache logfile, which contained the following (after
opening USBwebserver, without trying to open the local website)

[Fri Aug 05 07:47:34.209263 2016] [ssl:warn] [pid 6016:tid 512] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Aug 05 07:47:34.282269 2016] [mpm_winnt:notice] [pid 6016:tid 512] AH00455: Apache/2.4.6 (Win32) OpenSSL/1.0.1e PHP/5.4.17 configured -- resuming normal operations
[Fri Aug 05 07:47:34.283268 2016] [mpm_winnt:notice] [pid 6016:tid 512] AH00456: Apache Lounge VC10 Server built: Jul 16 2013 11:15:41
[Fri Aug 05 07:47:34.283268 2016] [core:notice] [pid 6016:tid 512] AH00094: Command line: 'C:\Users\Gust\AppData\Local\Temp\USBWebserver v8.6/apache2/bin/httpd_usbwv8.exe -d C:/Users/Gust/AppData/Local/Temp/USBWebserver v8.6/apache2'
[Fri Aug 05 07:47:34.292270 2016] [mpm_winnt:notice] [pid 6016:tid 512] AH00418: Parent: Created child process 8348
[Fri Aug 05 07:47:37.375576 2016] [ssl:warn] [pid 8348:tid 144] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Aug 05 07:47:37.456583 2016] [mpm_winnt:notice] [pid 8348:tid 144] AH00354: Child: Starting 64 worker threads.


#6

Seems I had to put quotes around the hashtags and ‘<’ signs, like this:

‘#’ Secure (SSL/TLS) connections
’#‘Include conf/extra/httpd-ssl.conf
’#’
’#’ Note: The following must must be present to support
’#’ starting without SSL on platforms with no /dev/random equivalent
’#’ but a statically compiled-in mod_ssl.
’#’
’<‘IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
’<’/IfModule>


#7

I found the following lines in the .htaccess file. Removing them didn’t help.

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


#8

Ah, I am sorry, I did not explicitly say this in my instructions but you will need to “restart” or “reload” the Apache server after removing the unwanted configuration. Does that help ?


#9

Thanks, but I always exit and restart USBwebserver after modifying any
setting.
So that doesn’t help.
I also tried to shut down and restart my computer.
Didn’t help either.


#10

I abandoned USBWebserver and gave Acquia Dev Desktop a try. There you can specify whether you want to use SSL or not.
I had to solve one problem: rename all my database tables to get rid of the prefix drup_.
But now my local site is up and running!

